Abstract
Policies in modern systems and applications play an essential role. We argue that decisions based on policy rules should take into account the possibility for the users to enable specific policy rules, by performing actions at the time when decisions are being rendered, and/or by promising to perform other actions in the future. Decisions should also consider preferences among different sets of actions enabling different rules. We adopt a formalism and mechanism devised for policy rule management in this context, and investigate in detail the notion of obligations, which are those actions users promise to perform in the future upon firing of a specific policy rule. We also investigate how obligations can be monitored and how the policy rules should be affected when obligations are either fulfilled or defaulted.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
REFERENCES
Claudio Bettini, Sushil Jajodia, X. Sean Wang, and Duminda Wijesekera, Provisions and obligations in policy rule management and security applications, Proc. 28th VLDB Conference, Hong Kong, China, 2002.
R. Dechter, I. Meiri, and J. Pearl, Temporal constraint networks, Artificial Intelligence Vol.49, pp. 61–95, 1991.
Claudio Bettini, X. Sean Wang, and Sushil Jajodia, Solving multi-granularity temporal constraint networks, Elsevier Science, Artificial Intelligence, Vol.140, Nos. 1/2, pp. 107–152, 2002.
C. Bettini, S. Jajodia, and X. Wang, Time-Granularities in Databases, Temporal Reasoning, and Data Mining, Springer, 2000.
N. Damianou, N. Dulay, E. Lupu, and M. Sloman The ponder policy specification language, Policies for Distributed Systems and Networks, Lecture Notes in Computer Science, Vol.1995, 2001.
J. Lobo, R. Bhatia, and S. Naqvi, A policy description language, Proc. National Conference of the American Association for Artificial Intelligence, Orlando, Florida, USA, 1999.
T. Y. C. Woo and S. S. Lam, Authorizations in distributed systems: A new approach, Journal of Computer Security, Vol.2, Nos. 2/3, pp. 107–136, 1993.
Elisa Bertino, Claudio Bettini, Elena Ferrari, and Pierangela Samarati, An access control model supporting periodicity constraints and temporal reasoning, ACM Transactions on Database Systems, Vol.23, No.3 pp. 231–285, 1998.
Sushil Jajodia, Pierangela Samarati, Maria Luisa Sapino, and V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems, Vol.26, (No.2) pp. 214–260, 2001.
Michiharu Kudo and Satoshi Hada, XML document security based on provisional authorization, Proc. 7th ACM Conference on Computer and Communications Security, pp. 87–96, 2000.
Sushil Jajodia, Michiharu Kudo, and V.S. Subrahmanian, Provisional authorizations. In Anup Gosh (ed.), E-Commerce Security and Privacy, Kluwer Academic Press, pp. 133–159, 2001.
J. Chomicki and J. Lobo, Monitors for history-based policies, Policies for Distributed Systems and Network, Lecture Notes in Computer Science, Vol.1995, 2001.
N.H. Minsky and V. Ungureanu, Law-governed intaractions: A coordination and control mechanism for heterogeneous distributed systems. ACM Transections on Software Engineering and Methodology, Vol.9, No.3, pp. 273–305, 2000.
N.H. Minsky and A.D. Lockman, Ensuring integrity by adding obligations to privileges, IEEE International Conference on Software Engineering, pp. 92–102, 1985.
S.J.H. Kent, T.S.E. Maibaum, and W.J. Quick, Formally specifying temporal constraints and error recovery, Proc. IEEE International Symposium on Requirements Engineering, pp. 208–215, 1993.
M.S. Feather, An implementation of bounded obligations, Proc. Eighth Knowledge Based Software Engineering Conference, pp. 114–122, 1993.
M. Roscheisen and T. Winograd, A communication agreement framework for access/action control, Proc. IEEE Symposium on Security and Privacy, 1996.
R. J. Wieringa and J-J Ch. Meyer, Applications of deontic logic in computer science: A concise overview, Deontic Logic in Computer Science: Normative System Specification, pp. 17–40, John Wiley, 1993.
M.J. Sergot, F. Sadri, R.A. Kowalski, F. Kriwaczek, P. Hammond, and H.T. Cory, The British Nationality Act as a logic program, Communication of the ACM, Vol.29, No.5, pp. 370–386, 1986.
Michael Gelfond, and Vladimir Lifschitz, Representing action and change by logic programs, Journal of Logic Programming, Vol.17, No.2, pp. 301–321, 1993.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Bettini, C., Jajodia, S., Wang, X.S. et al. Provisions and Obligations in Policy Rule Management. Journal of Network and Systems Management 11, 351–372 (2003). https://doi.org/10.1023/A:1025711105609
Issue Date:
DOI: https://doi.org/10.1023/A:1025711105609